Setup Drive Shares

FineBuild can set up shares drives needed for SQL Server.

FineBuild sets up drive shares and permissions to make it easier for the DBA to navigate to the desired drive on a database server from the
SQL Administration Server. The labels used to
Setup Drive Labels are also used as the drive share names.

Permissions for shares always have to be assigned on the server to which the share relates. This is because permissions for shares cannot be assigned by a GPO.

It is strongly recommended that Windows Access-Based Enumeration is activated to prevent users finding the names of shares they do not have access to. If access-based enumeration is not used then the share names should not include the drive letters, as these
could help an outsider understand the server configuration. Only include the drive letters in the share names if access-based enumeration is active for the server.

The share permissions are set up on the basis that:

Permissions on shares should be kept as simple as possible. A complex list of permissions on a share is both difficult to manage and audit, and can give a misleading sense of security.

Windows controls access to the server via membership of the local User group. Restricting membership of this group is a key part of overall server security.

If a user has been granted access to the server, then they can navigate to the location specified by

the share regardless of the permissions on the share. Access to data on the server can only be controlled by permissions to the relevant files and folders.

Therefore, there is no benefit in having a permissions list on any share that is more complex than that shown below:

Drive Letter

Label

Share Name

Permission

User / Group

C:

System

(C) System

Full Control

(local) Administrators

Change

(local) Users

E:

Tools

(E) Tools

Full Control

(local) Administrators

Change

(local) Users

F:

FT Data

(F) FT Data

Full Control

(local) Administrators

Change

(local) Users

I:

Backup

(I) Backup

Full Control

(local) Administrators

Change

(local) Users

J:

SQL Logs

(J) SQL Logs

Full Control

(local) Administrators

Change

(local) Users

K:

SQL Data

(K) SQL Data

Full Control

(local) Administrators

Change

(local) Users

T:

Temp

(T) Temp

Full Control

(local) Administrators

Change

(local) Users

FineBuild Drive Shares Processing

Processing of Drive Shares relates to Process Id 1FA in the FineBuild1Preparation script, and is controlled by the parameter below: